The Synnovis cyber-attack: A critical warning for healthcare providers over patient safety
On 3 June 2024, Synnovis, a pathology provider serving several NHS trusts in south-east London, suffered a ransomware attack which led to widespread disruption in NHS services and significant patient harm[1]. A year later, the full extent of the impact on patients is becoming clear.
In this article we will talk about why healthcare providers need to be aware of the additional risks to patient safety a cyber-attack can bring, how cyber threats expose critical insurance gaps and what steps you can take to protect your patients, operations, and reputation.
What do we know about the attack?
This ransomware attack crippled the Synnovis IT systems and caused widespread disruption across several NHS trusts in south-east London. The breach, reportedly enabled by the absence of two-factor authentication, resulted in nearly 600 incidents, 170 of which directly affected patient care. By January 2025, the financial impact was estimated at £37.7 million[2].
The consequences included:
Patient harm
- 1 case of severe harm – long term or permanent damage to health resulting in reduced life expectancy. This triggered a patient safety investigation at King’s College Hospital Foundation Trust.
- 14 cases of moderate harm – no immediate life-saving intervention needed, but patients required follow up care or had limited independence for 6 months
- 155 cases of low harm – mild, short term impacts on health such as requiring extra observation or minor treatment
Service disruption
- Over 1,000 inpatient procedures cancelled at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust
- 10,152 acute outpatient appointments postponed
- Numerous tests in primary care deferred or cancelled
- Blood transfusions for surgeries were suspended at affected trusts
- Some cancer treatments, transplants and specialist maternity services were delayed or diverted
This incident serves as a powerful reminder that cybersecurity in healthcare is not just an IT issue, but a critical component of patient safety and operational resilience.
The Healthcare sector – a major target
The healthcare sector is one of the most frequently targeted industries for cyber-attacks. This is due to two key factors: the high value of sensitive medical records on the dark web, and the essential, time-critical nature of healthcare services. Any disruption can directly impact patient safety and care delivery.
Cybersecurity is no longer just an IT concern—it's a frontline issue in patient safety and operational continuity. To safeguard against these threats, healthcare providers must implement robust security measures and invest to keep their software and technology up to date.
To reduce risk, healthcare providers should:
- Conduct regular cybersecurity audits to identify vulnerabilities.
- Provide ongoing staff training on phishing, password hygiene, and secure data handling.
- Ensure all software and systems are regularly updated with the latest security patches.
- Implement multi-factor authentication (MFA) across all user accounts.
- Review and monitor third-party vendor security protocols.
- Use end-to-end encryption for sensitive data, both in transit and at rest.
- Develop and test a comprehensive incident response plan to ensure rapid recovery in the event of a breach.
Proactive investment in cybersecurity is not optional; it’s essential.
Will your insurance cover respond?
The Synnovis attack revealed a critical blind spot for many healthcare providers: even with both medical malpractice and cyber insurance in place, you may still be exposed to significant financial and legal risk. Why? Because these policies often operate in silos—and the gaps between them can leave you vulnerable when patient harm results from a cyber event.
Understanding the coverage divide:
- Medical malpractice insurance – typically covers bodily injury claims, including medical errors and negligence, but often excludes cyber incidents.
- Cyber insurance – typically covers cyber-related incidents such as data breaches and ransomware attacks, but often excludes bodily injury claims.
This divide can create a dangerous grey area. For example, if a ransomware attack delays a critical diagnosis and the patient suffers harm, your cyber policy might cover the breach—but not the injury. Meanwhile, your malpractice policy might exclude the incident because it originated from a cyber event.
To assess whether your current insurance would respond effectively in a cyber crisis, consider the following:
- Does your medical malpractice policy exclude electronic data incidents or cyber-related harm? Some policies may include a full cyber exclusion, while others may “carve back” limited coverage for bodily injury caused by cyber events.
- Does your cyber policy include a bodily injury exclusion? Many cyber policies are designed to cover data loss and business interruption, but not the physical consequences of delayed or disrupted care.
- Are your policies coordinated? If your malpractice and cyber policies are held with different insurers, they may not be designed to work together, increasing the risk of disputes or denied claims.
Understanding how your insurance policies interact and where they fall short is essential. Without a coordinated approach, you may find yourself unprotected when it matters most.
Take action to help protect your patients and your practice
The Synnovis ransomware attack is a powerful reminder that cyber incidents don’t just disrupt operations—they can directly endanger patient lives and expose healthcare providers to serious legal and financial consequences.
Now is the time to act. Work with a specialist insurance broker who understands the unique risks facing healthcare providers. A tailored review of your medical malpractice and cyber policies can help you identify hidden gaps, eliminate grey areas, and ensure you’re fully protected when it matters most.
Don’t wait for a crisis to reveal the cracks in your coverage. Speak to Howden’s specialist Healthcare team today.


